tronbox

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's unbox command explicitly downloads templates from third-party names or URLs (e.g., GitHub) and places their config/migration files into the project for use (see references/features-init-unbox.md "tronbox unbox "), meaning untrusted, user-provided content is fetched and can be read/executed by the tool and thus influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a blockchain development framework (TronBox) that explicitly includes tools and APIs for interacting with TRON/TVM and EVM-compatible chains: TronWeb and ethers context, migration/deployer APIs, deploy/migrate/console commands, and contract abstraction methods like new(), at(), deployed() which send transactions. It also references providers and waitForTransactionReceipt. These are specific crypto/blockchain capabilities that enable creating and sending on-chain transactions (signing/deploying contracts, invoking contract methods), which constitutes direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 08:58 AM